Overview
Commvault Command Center Innovation Release 11.38 contains an unauthenticated path traversal vulnerability in its ZIP file upload functionality that allows attackers to upload and extract malicious files, leading to remote code execution. This is a critical vulnerability requiring no authentication or user interaction. The vulnerability was disclosed on April 22, 2025. CISA has identified CVE-2025-34028 as exploited, but it is not currently known to be used in ransomware campaigns.
Technical details
Commvault Command Center contains a critical path traversal vulnerability in its ZIP file upload processing mechanism. The vulnerability allows unauthenticated attackers to upload ZIP files containing crafted paths that traverse directory boundaries during extraction. When the application processes these malicious ZIP files without proper path validation, attackers can write arbitrary files to sensitive locations on the server, enabling remote code execution with the privileges of the application.
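The extraction-time check the paragraph above says was missing, shown as an added illustration that is not Commvault's code and makes no claim about how Command Center processes uploads: each ZIP entry name is resolved against the intended extraction root before anything is written, and entries that escape the root (via `..` components or an absolute path) are rejected rather than extracted. The sample archive is constructed in memory with one benign entry and two traversal-style entries; the names and the `safe_extract` API are assumptions made for the example.

```python
import io
import os
import tempfile
import zipfile


def build_sample_zip() -> bytes:
    """Construct an in-memory ZIP (sample data for this example, not a real
    upload) with one benign entry and two entries that escape the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/summary.txt", "benign content\n")
        zf.writestr("../../outside.txt", "would land two directories up\n")
        zf.writestr("/absolute.txt", "would land at the filesystem root\n")
    return buf.getvalue()


def is_safe_member(name: str, root: str) -> bool:
    """Return True only if the entry name resolves to a path inside root.

    root must already be canonical (os.path.realpath). Backslashes are treated
    as separators because some archivers emit them; os.path.join drops root
    entirely for an absolute name, so absolute entries fail the prefix test.
    """
    candidate = os.path.realpath(os.path.join(root, name.replace("\\", "/")))
    return candidate == root or candidate.startswith(root + os.sep)


def safe_extract(zip_bytes: bytes, dest_root: str) -> dict:
    """Extract only members that stay inside dest_root; report the rest.

    Returns {"extracted": [relative paths written], "rejected": [entry names]}.
    Symlink members are not special-cased here and are a separate concern.
    """
    result = {"extracted": [], "rejected": []}
    root = os.path.realpath(dest_root)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename, root):
                # Do not write, do not "fix up" the name; just refuse it.
                result["rejected"].append(info.filename)
                continue
            target = os.path.join(root, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            result["extracted"].append(os.path.relpath(target, root))
    return result


def demo() -> dict:
    """Run safe_extract on the sample archive in a throwaway directory and
    report what was written, what was refused, and whether the benign file
    actually exists under the root."""
    with tempfile.TemporaryDirectory() as tmp:
        result = safe_extract(build_sample_zip(), tmp)
        result["summary_exists"] = os.path.isfile(
            os.path.join(tmp, "reports", "summary.txt")
        )
        return result


if __name__ == "__main__":
    print(demo())
```

The check deliberately resolves the full candidate path instead of pattern-matching on `..`, so encoded or mixed-separator variants are caught by the same rule. Python's own `ZipFile.extractall` already strips leading slashes and `..` components, but many ZIP libraries in other ecosystems do not, which is why an explicit root check like this belongs in any upload handler that extracts archives.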
The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')) and CWE-434 (Unrestricted Upload of File with Dangerous Type).
The vulnerability received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating its critical nature.
Impact
Unauthenticated attackers can achieve remote code execution on affected Commvault Command Center servers. This allows attackers to: (1) Execute arbitrary commands with application-level privileges, (2) Access sensitive backup data and configurations stored in the database, (3) Modify or delete critical backup metadata and configurations, (4) Potentially pivot to other systems on the network, (5) Compromise the backup and disaster recovery infrastructure of affected organizations. The severity is extreme as Command Center is typically deployed in critical infrastructure environments managing organizational backups.
Mitigation and workarounds
1. Check your current Commvault Command Center version via the admin console
2. Download the latest available patch from the Commvault Customer Support Portal
3. Follow Commvault's standard patch deployment procedures documented in their release notes
4. Restart the Command Center services after patching
5. Verify the patch installation by confirming the version number in the admin console
6. Test backup and restore operations to ensure functionality is intact
The following versions include the necessary fixes: Command Center Innovation Release 11.39 or later, Command Center Innovation Release 2024.11 or later (if applicable).
As temporary workarounds:
- Restrict network access to the Commvault Command Center web interface using firewall rules or network segmentation. Only allow access from trusted management networks and administrative stations.
- Disable or restrict ZIP file upload functionality if not required for operations. Check application settings and disable unused file upload features.
- Implement web application firewall (WAF) rules to block or inspect ZIP file uploads to the vulnerable endpoint. Monitor for suspicious file upload patterns.
- Monitor application logs for suspicious ZIP file upload attempts and unusual file system access patterns indicating exploitation attempts.
CISA recommendation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional resources
Source: This report was generated by AI

